When a user changes their Google password, it revokes access to all applications.
"Automatic OAuth 2.0 token revocation upon password change
To increase account security for Google users, OAuth 2.0 tokens issued for access to certain products are automatically revoked when a user's password is changed. Third-party mail apps like Apple Mail and Mozilla Thunderbird―as well as other applications that use mail scopes to access a user’s mail―will stop syncing data upon password reset until a new OAuth 2.0 token has been granted. A new token will be granted when the user re-authenticates with their Google account username and password.
Third-party mail applications on mobile are also included in this policy change. For example, users who use the native mail application on iOS will now have to re-authenticate with their Google account credentials when their password has been changed. This new behavior for third-party mail apps on mobile aligns with the current behavior with Gmail on iOS and Android, which also require re-authentication upon password reset.
The token revocation process does not include applications built on Apps Script, even if the script accesses mail.
• If the password change is triggered from an Android device, the OAuth token for the account sync used by this Android device is not revoked.
• Gmail IMAP sessions authenticated using OAuth aren't affected by a password change, but are limited to the validity period of the access token (usually 1 hour)."
To read more, visit Google's WorkSpace Admin Help Page.